Create a keytab
- Last Updated: Jan 04, 2023
- PI System
- PI SQL Client JDBC 2021
- Developer
Follow this procedure to create a keytab and configure PI SQL Client JDBC to use it.
- To create a keytab, open a Command Prompt window and use the cd command to change the directory to your JRE installation bin folder.
- Type ktab -a USERNAME@MY_REALM, where USERNAME is your username and MY_REALM is your realm name, and press Enter.

  Note: USERNAME@MY_REALM is case sensitive. Authentication will fail if there is a case mismatch.

- When prompted, enter your credentials and press Enter.

  The keytab is created as {user.home}{file.separator}krb5.keytab.
- Set the Use Keytab driver property to True. This is a PI SQL Client JDBC driver property, not to be confused with the Krb5LoginModule useKeyTab configuration option found in PISQLJDBCLogin.conf below.
- Copy the PISQLJDBCLogin.conf file from the PI SQL Client JDBC installation folder to your user directory.
- Use a text editor to open the PISQLJDBCLogin.conf file you just copied to your user directory. Do not modify the one located in the PI SQL Client JDBC installation folder.
- Replace USERNAME@MY_REALM in the configuration file with your valid principal name.

  USERNAME@MY_REALM must be the same as the one specified in the ktab command.

  Caution: Do not change anything else in the file.

  The file should look like the following example:

      JDBCJaasLogInKerberos {
          com.sun.security.auth.module.Krb5LoginModule required
          useTicketCache=false
          doNotPrompt=true
          useKeyTab=true
          principal="USERNAME@MY_REALM";
      };

- Save and close the PISQLJDBCLogin.conf file.
- Use a text editor to open or create the Kerberos configuration file.

  On Windows operating systems, the Kerberos configuration file is C:\WINDOWS\krb5.ini. On Linux, macOS, and Oracle Solaris, the file is /etc/krb5.conf.
- Set the Forwardable option to True in the Kerberos configuration file.

  The file should look like the following example:

      [libdefaults]
          forwardable = true
          default_realm = MY_REALM.INT
      [realms]
          MY_REALM = {
              kdc = MY_KDC.MY_REALM.INT
          }

- Save and close the Kerberos configuration file.
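
A preflight check for the two files edited in this procedure, as an added example that is not part of the original page or of PI SQL Client JDBC: it confirms the JAAS entry still carries the expected options, compares its principal case-sensitively with the one given to ktab, and checks that forwardable is true. The function names and the sample principal svc_pi@EXAMPLE.INT are assumptions made for illustration.

```python
import re

MODULE = "com.sun.security.auth.module.Krb5LoginModule"
REQUIRED = {"useTicketCache": "false", "doNotPrompt": "true", "useKeyTab": "true"}

def parse_jaas_entry(text, entry="JDBCJaasLogInKerberos"):
    """Return (module, flag, options) for the named JAAS entry, or None."""
    m = re.search(r"\b%s\s*\{(.*?)\}\s*;" % re.escape(entry), text, re.S)
    tokens = m.group(1).split() if m else []
    if len(tokens) < 2:
        return None
    options = dict(re.findall(r'(\w+)\s*=\s*"?([^"\s;]+)', m.group(1)))
    return tokens[0], tokens[1], options

def libdefaults(text):
    """Collect key = value pairs from the [libdefaults] section of krb5.ini/krb5.conf."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            values[key] = value
    return values

def preflight(jaas_text, krb5_text, ktab_principal):
    """Return a list of problems; an empty list means both files match the procedure."""
    entry = parse_jaas_entry(jaas_text)
    if entry is None:
        return ["JAAS entry JDBCJaasLogInKerberos not found"]
    module, flag, opts = entry
    problems = []
    if (module, flag) != (MODULE, "required"):
        problems.append("login module line was changed")
    problems += [f"{k} must be {v}" for k, v in REQUIRED.items() if opts.get(k) != v]
    principal = opts.get("principal", "")
    if principal != ktab_principal:
        kind = "case mismatch" if principal.lower() == ktab_principal.lower() else "mismatch"
        problems.append(f"principal {kind}: {principal!r} vs {ktab_principal!r}")
    if libdefaults(krb5_text).get("forwardable", "").lower() != "true":
        problems.append("forwardable is not true in [libdefaults]")
    return problems

# Constructed sample inputs; the principal and realm are placeholders, not real values.
JAAS_OK = ('JDBCJaasLogInKerberos {\n com.sun.security.auth.module.Krb5LoginModule required\n'
           ' useTicketCache=false doNotPrompt=true useKeyTab=true\n'
           ' principal="svc_pi@EXAMPLE.INT";\n};')
KRB5_OK = "[libdefaults]\n forwardable = true\n default_realm = EXAMPLE.INT\n"
```

Call preflight with the contents of the copied PISQLJDBCLogin.conf, the contents of krb5.ini or krb5.conf, and the exact principal string typed into ktab.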